
Linux Foundation Adds Software Supply Chain Security To LFX (zdnet.com)

An anonymous reader quotes a report from ZDNet: "LFX supports projects and empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says. Now, to address the growing threat of software supply chain attacks, the foundation is upgrading its LFX Security module to deal with these attacks. Jim Zemlin, the Linux Foundation's executive director, announced this new tooling today at the Linux Foundation Membership Summit.

Enhanced and free to use, LFX Security makes it easier for open source projects to secure their code. Specifically, the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing automated vulnerability detection capabilities. Software security firm BluBracket is contributing this functionality to the LFX as part of its mission to make software safer and more secure. This functionality builds on contributions from open source developer security company Snyk, helping make LFX the leading vulnerability detection platform for the open source community. [...] LFX Security will be further scaled out in 2022, helping to solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation. LFX Security is free and available now.

  • by Crashmarik ( 635988 ) on Wednesday November 03, 2021 @08:36AM (#61953927)

    I always felt the need to be protected from non-inclusive language.

  • by anonymous scaredycat ( 7362120 ) on Wednesday November 03, 2021 @08:38AM (#61953929)
    In what way is non-inclusive language a software supply chain attack?
    Also what is it, who defines it?
    Are people who use it excluded?
    • Maybe the theory is that the security of open source code relies on the "many eyes" paradigm. Non-inclusive language may dissuade some entities from participating in reviewing code. I'm spitballing here.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Anything an LGBTQ SJW identifies as assault is assault, according to them, including using the words "master" and "slave" to describe a database relationship.

  • Wasted effort. (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Wednesday November 03, 2021 @09:30AM (#61954069)

    Worrying about "non-inclusive language" removes attention from actual security problems. I'm pretty sure this exact argument caused people to get booted out of the Linux Foundation, but it doesn't make it any less true.

  • Jumping the shark? (Score:3, Insightful)

    by jenningsthecat ( 1525947 ) on Wednesday November 03, 2021 @09:41AM (#61954105)

    ...empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says.

    When I read buzzwords and phrases such as "empowers", "enabling", "drive engagement", and "grow sustainable software ecosystems"... well damn, I just realized that 'sentence' is almost entirely comprised of empty and meaningless bullshit. It sounds like some HR twat market-droid wannabe, (or some market-droid twat HR wannabe), is verbally jerking off. When I hear that crap from a non-profit foundation devoted to Open Source and Free Standards, I fear that co-option by the private sector might not be far behind.

    • by Junta ( 36770 ) on Wednesday November 03, 2021 @10:15AM (#61954185)

      The Linux Foundation jumped the shark long ago. Most 'initiatives' are just letting various companies give them money to use Linux Foundation owned brands for their marketing purposes. They used to focus on initiatives to promote the ecosystem, but none of the distributions really care and ultimately the foundation moved on to other places driven by 'sponsor' funds telling them what to do, more for the sake of the vendor than for any community benefit.
